Cisco CP-8961 MIC certificates
Hi Everybody,
we want to configure 802.1X eap-tls authentication on our CP-8961 phones. Following the steps in this documentation
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_1.99/IP_Tele/IP_Telephony_DIG.html#wp390292
I was able to configure EAP-TLS for our phones. Unfortunately, according to ACS logs both MIC and LSC rules do not match. The authentication matches the default rule (permit access), but the TLS handshake succeeded every time. Since I'm not an SSL/TLS guru I assume the phone has a certificate.
To view the certificate installed on the phone I followed this instruction https://supportforums.cisco.com/docs/DOC-25798. In the first step you trigger the "troubleshoot" from our CUCM. Unfortunately it does not generate anything under /cm/trace/capf/sdi
So now my question is what certificate does my 8961 use for EAP-TLS (MIC and LSC rules do not match, troubleshoot does not generate anything) and how can I view the certificate without capturing the traffic with tcpdump/wireshark.
Thanks in advance
Could solve my problem.
Since I did not choose the right Device Security Profile option on CUCM under phone configuration, the "troubleshoot" option under CAPF did not generate any output under /cm/trace/capf/sdi.
After creating the right security profile for my CP-8961 deskphone, "troubleshoot" succeeded.
Reviewing the generated MIC certificate I noticed that the OU is not EVVBU like described here
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html#wp389672 but is VTG.
After changing the OU from evvbu to VTG on my ACS the rule matches.
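The mismatch described in this thread (an authorization rule expecting OU EVVBU while the phone's MIC carries OU VTG, so every session lands on the default rule even though the TLS handshake succeeds) can be modelled as below. This is an added example, not code from the thread or from Cisco ACS; the rule layout, the case-insensitive comparison, the placeholder LSC value and the sample subjects are constructed assumptions.

```python
# Added illustration: first-match authorization on certificate subject attributes.
# Rule names, subjects and comparison semantics are constructed, not taken from ACS.

DEFAULT_RULE = "Default (permit access)"


def parse_subject(dn):
    """Parse an RFC 4514-style subject string into {ATTR: [values]}.

    Backslash-escaped separators are honoured; hex escapes (\\2C) are not decoded.
    """
    attrs, key, cur, esc = {}, None, [], False

    def flush():
        nonlocal key, cur
        text = "".join(cur).strip()
        if key is None:
            if text:
                raise ValueError("RDN without '=': %r" % text)
        else:
            attrs.setdefault(key.strip().upper(), []).append(text)
        key, cur = None, []

    for ch in dn:
        if esc:                      # character after a backslash is literal
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == "=" and key is None:
            key, cur = "".join(cur), []
        elif ch in ",+":             # RDN separator or multi-valued RDN
            flush()
        else:
            cur.append(ch)
    flush()
    return attrs


def first_match(subject, rules):
    """Return the name of the first rule whose conditions all match the subject."""
    attrs = parse_subject(subject)
    for name, conditions in rules:
        # Assumption: values are compared case-insensitively.
        if all(want.casefold() in (v.casefold() for v in attrs.get(attr, []))
               for attr, want in conditions.items()):
            return name
    return DEFAULT_RULE


def default_hits(sessions, rules, attr="OU"):
    """List (device, observed attr values) for sessions no specific rule matched."""
    return [(dev, parse_subject(subj).get(attr, []))
            for dev, subj in sessions
            if first_match(subj, rules) == DEFAULT_RULE]


# Rules as first configured (OU value from the guide) and after the fix in the thread.
RULES_AS_DOCUMENTED = [("MIC", {"OU": "EVVBU"}), ("LSC", {"OU": "LSC-OU-PLACEHOLDER"})]
RULES_CORRECTED = [("MIC", {"OU": "VTG"}), ("LSC", {"OU": "LSC-OU-PLACEHOLDER"})]

# Constructed sample subjects; only the OU values EVVBU and VTG come from the thread.
SESSIONS = [
    ("phone-a", "CN=CP-8961-SEP0011223344AA, OU=VTG, O=Example Manufacturer"),
    ("phone-b", "CN=PHONE-B, OU=EVVBU, O=Example Manufacturer"),
    ("laptop-c", r"CN=laptop-c, OU=Unmanaged, O=Example\, Inc."),
]

if __name__ == "__main__":
    for label, rules in (("documented", RULES_AS_DOCUMENTED),
                         ("corrected", RULES_CORRECTED)):
        print(label, "rules, sessions on the default rule:")
        for dev, values in default_hits(SESSIONS, rules):
            print("  %-9s OU=%s" % (dev, values))
```

Listing the OU values seen on default-rule hits shows which value the MIC rule should have been written against, and which endpoints are admitted only because the default rule permits access.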
Similar Messages
-
Cisco Jabber for Windows Certificate Issues
Hi,
I have configured a Cisco Jabber with device security mode "Encrypted". Once I use this mode I am getting an error message in Cisco Jabber as:
"The certificate enrollment for secure computer calling has not been activated. Contact your system administrator."
The softphone feature is not working because of this.
Do you have any fix for this issue?
Thanks,
VJ
Hi Jonathan,
I have one more issue with Cisco Jabber using authentication string. The authentication string works fine with the Jabber and softphone functionality is working.
Now the problem is: if a single user has two Jabber clients, one installed on a laptop and a second on a desktop, the authentication string window is presented to the Jabber client which logs in first. For example, if I log in from my laptop the window pops up to enter the authentication string. But now when I open the Jabber on my desktop it doesn't give me the option to enter the authentication string and the softphone doesn't work.
Thanks,
Vaijanath -
Cisco anyconnect 3.1 - Certificate Validation Failure.
When I try to start an SSL VPN connection to the ASA(8.4) with anyconnect 3.1, Cisco anyconnect receives a message saying "No Valid Certificates Available for Authentication".
Prior to the test;
On the ASA, I have obtained the CA certificate and its identity certificate. (Both certificates obtained from windows 2008 CA).
* ASA identity certificate has EKU attribute = Server Authentication, Key Usage = Digital Signature, Key Encipherment.
On the PC on which anyconnect is installed, I have obtained a User Certificate (this User certificate was also obtained from the same windows 2008 CA)
* Prior to obtaining the User certificate from the windows2008 CA, ASA acts as a SCEP proxy on behalf of the client PC.
* User Certificate has EKU attribute = Client Authentication.
As in the ASDM Logs, it almost works.
In days of troubleshooting, I still could not find the cause of this problem. Error message as appeared on anyconnect;
Is there anyone who could help?
Keshara from Sri Lanka.
Just ran into this as well. We have CRL checking turned on. Turned out to be the CRL server was down. But that was the same message I got when the client wouldn't connect.
-
Import cert in Cisco 7921 with error "certificate verification failed"
Hi everyone
I am trying to install a digital cert on a 7921 and I get the message on import of "certificate verification failed".
I have tried a number of times: create the CSR file, then log in to the certificate web site and get the file assigned, then import it back to the phone. I used the DER format
Many thx indeed,
Roy
Hi,
Referencing: https://supportforums.cisco.com/thread/2095711
Have you followed the steps outlined in page 72 of this guide? This should be applicable to 792x.
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf
Do you have any trace logs from the phone you can post after your attempt to import the cert? -
NPS and Cisco ASA 5510 - AnyConnect Certificate based authentication
Hi everyone,
Hoping someone can help please.
We're trying to go for a single VPN solution at our company, as we currently have a few through, when buying other companies.
We're currently running a 2008 R2 domain, so we're looking at NPS and we have Cisco ASA 5510 devices for the VPN side.
What we would like to achieve, is certificate based authentication. So, user laptop has certificate applied via group policy based on domain membership and group settings, then user goes home. They connect via Cisco AnyConnect via the Cisco ASA 5510 and then that talks to MS 2008 R2 NPS and authenticates for VPN access and following that, network connectivity.
Has anyone implemented this before and if so, are there any guides available please?
Many Thanks,
Dean.
Hi Dean,
Thanks for posting here.
Yes, this is possible. But we have a guide about a sample that uses a Windows-based server (RRAS) to act as VPN server, working with a Windows RADIUS/NPS server and using a certificate-based authentication method (Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or PEAP-TLS without smart cards) for reference:
Checklist: Configure NPS for Dial-Up and VPN Access
http://technet.microsoft.com/en-us/library/cc754114.aspx
Thanks.
Tiger Li
TechNet Community Support -
Cisco ISE User Authentication Certificates for Wired and Wireless Users (BYOD)
Can anyone tell me from where we can purchase User Authentication Certificates for Wired and Wireless Users (BYOD) for Cisco ISE. Also confirm what certificates we require for the purpose.
Please suggest the website from where we can purchase and import in the Cisco ISE certificate section.
Thanks.
Dear Mohana,
Thanks for your reply. Can you please confirm, in regards to the EAP-TLS certificate, which authorities you recommend if I go to GoDaddy or VeriSign to buy it and then import it in ISE.
Looking forward for your reply.
Regards,
Muhammad Imran Shaikh
Resident Engineer, IT Network Section - PPL
Mobile : 0092-312-288-1010
LinkedIn : pk.linkedin.com/pub/muhammad-imran-shaikh/10/471/b47/ -
Cisco NCS install signed certificate
Hello!
I have difficulties to install wildcard certificate(*.domain.com) into Cisco NCS Prime.
admin#ncs key importkey key.pem cert.perm repository ftpRepo
INFO: no staging url defined, using local space. rval:2
INFO: no staging url defined, using local space. rval:2
The WCS server is running
Changes will take affect on the next server restart
Importing RSA key and matching certificate
Everything looks good! But after server restart I see the old, self-signed certificate.
Please help me with this issue.
restore.log:
Mon Mar 4 15:37:29 NOVT 2013: dowload of 2015_02_16.crt from repository ftpRepo: success.
Mon Mar 4 15:37:29 NOVT 2013: dowload of 2015_02_16.key from repository ftpRepo: success.
ADE.log:
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: transfer: cars_xfer_util.c[125] [admin]: full url is ftp://10.54.111.20/2015_02_16.key
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:backup: br_backup.c[41] [admin]: flushing the staging area
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: locks:file: lock.c[385] [admin]: released backup lock
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[252] [admin]: running date
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[52] [admin]: created backup history lock file
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[76] [admin]: obtained backup history lock
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[160] [admin]: loaded history file /var/log/restore.log
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[118] [admin]: stored backup history file
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[118] [admin]: stored backup history file
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[90] [admin]: released backup history lock
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[310] [admin]: added record to history
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: locks:file: lock.c[371] [admin]: obtained backup lock
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: config:backup: br_stage.c[72] [admin]: staging config set to default settings
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:backup: br_backup.c[41] [admin]: flushing the staging area
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: locks:file: lock.c[371] [admin]: obtained repos-mgr lock
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: config:repository: rm_repos_cfg.c[173] [admin]: loaded repository ftpRepo
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: locks:file: lock.c[385] [admin]: released repos-mgr lock
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: transfer: cars_xfer.c[54] [admin]: ftp copy in of 2015_02_16.crt requested
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: transfer: cars_xfer_util.c[92] [admin]: ftp get source - 2015_02_16.crt
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: transfer: cars_xfer_util.c[93] [admin]: ftp get destination - /opt/CSCOncs/migrate/restore/2015_02_16.crt
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: transfer: cars_xfer_util.c[112] [admin]: initializing curl
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: transfer: cars_xfer_util.c[125] [admin]: full url is ftp://10.54.111.20/2015_02_16.crt
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:backup: br_backup.c[41] [admin]: flushing the staging area
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: locks:file: lock.c[385] [admin]: released backup lock
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[252] [admin]: running date
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[76] [admin]: obtained backup history lock
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[160] [admin]: loaded history file /var/log/restore.log
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[118] [admin]: stored backup history file
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[118] [admin]: stored backup history file
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[90] [admin]: released backup history lock
Mar 4 15:37:29 sib-ncs01 debugd[3452]: [6990]: backup-restore:history: br_history.c[310] [admin]: added record to history
keyadmin-0-1.log:
03/01/13 16:00:14.962 INFO [system] [main] Setting management interface address to 10.54.11.108
03/01/13 16:00:14.968 INFO [system] [main] Setting peer server interface address to 10.54.11.108
03/01/13 16:00:14.968 INFO [system] [main] Setting client interface address to 10.54.11.108
03/01/13 16:00:14.968 INFO [system] [main] Setting local host name to sib-ncs01
03/01/13 16:00:17.647 INFO [admin] [main] The WCS server is running
03/01/13 16:00:17.647 INFO [admin] [main] Changes will take affect on the next server restart
03/01/13 16:00:17.647 INFO [admin] [main] Importing RSA key and matching certificate
Other logs don't show issues. -
Cisco ASA Backup Restore Certificates
I have a Cisco ASA 5505 as a BOVPN endpoint using certificates. The config is complete and I now need to back it up and restore to a cold standby Cisco ASA 5505 that will sit on the shelf until something goes wrong.
Problem is I cannot restore my certificates to the standby.
Can someone point me to a process please.
I have tried the backup and restore wizard in ASDM and to be honest it didn't work.
Please help.
Thanks,
Martin,
Wouldn't it be simpler to put the two in failover for a few minutes (sync is done automatically on bulk sync)?
Otherwise I can suggest exporting the certificate in PKCS12 (cert + RSA) from the active unit and importing it into the "standby".
Active:
ciscoasa(config)# crypto ca export TEST pkcs12 cisco123
Standby:
ciscoasa(config)# crypto ca import TESTBLA pkcs12 cisco123
Marcin -
Certificate authentication for Cisco VPN client
I am trying to configure the Cisco VPN client for certificate authentication on my ASA 5512-X. I have it set up currently for group authentication with shared pass. This works fine. But in order for you to pass PCI compliance you cannot allow aggressive mode for ikev1. The only way to disable aggressive mode (and use main mode) is to use certificate authentication for the VPN client. I know that someone out there must be doing this already. I am going round and round with this. I am missing something.
I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall. I.e. failed to generate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from GoDaddy, and one built from Windows CA, and one self signed).
Can someone provide the instructions on setting this up (asdm or cli). Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.
Dear Doug,
What ASA code are you running on the ASA hardware? For Cisco AnyConnect you need to have code 8.0 on your hardware with the Cisco AnyConnect Essentials license enabled. Paste me your show version and I will help you determine whether you need to procure a license for your hardware. By default your hardware will be shipped with the AnyConnect Essentials license when you have ordered your hardware with ASA code above 8.0.
With AnyConnect Essentials you are allowed to use up to the total VPN peers allowed based on your hardware.
1) What is the AnyConnect Essentials License?
The Anyconnect Essentials is a license that allows you to connect up to your 'Total VPN Peers" platform limit with AnyConnect. Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device. With the Anyconnect Essentials License, you can only use Anyconnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Enabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
AnyConnect VPN configuration:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml -
EAP-TLS w/freeradius failing. Phone doesn't present Client certificate.
Hello,
I'm currently on the first phases of deploying a Cisco IPT 802.1X based proof of concept using freeradius, Cisco switching infrastructure (4500's).
The requirements are to use EAP-TLS authentication for the phones, and freeradius as Radius Server.
While trying out the concept in lab using an ISE Radius server, the configuration was straightforward and I did manage to authenticate IP phones using their MIC certificates to the ISE.
Going to actual testing with freeradius, EAP-TLS authentication keeps looping, the phones keep sending RADIUS Access requests, but not being rejected or allowed.
What was done:
- set up freeradius with EAP-TLS configuration, trusting both cisco CA root and manufacturing root.
- freeradius has a server certificate generated by Thawte SSL CA certificate, where EKU fields are properly set for server authentication (and also client authentication)
- Phone had 802.1X enabled (and it does support EAP-TLS, as verified with the ISE test)
What I can see while running a wireshark trace on freeradius is:
- both parties negotiate properly that they will engage in EAP-TLS.
- they start the TLS handshake
- Server sends its certificate on a Server Hello to the phone (which is meant to not validate it)
- Client (phone) never sends its certificate (MIC) to the server.
- Client restarts EAP-TLS negotiation and goes on and on.
Unfortunately the debugs/Captures on freeradius do not allow to verify if the server certificate exchange is finished, or if it is failing somewhere (like a fragment being dropped).
Does anyone have an idea on what might be happening? I find it very strange that the phone, on a freeradius deployment, would behave differently than one on a ISE deployment, especially because it doesn't validate the server certificate, so it shouldn't matter what is presented to the phone.
Phone firmware is 9.2(3) and callmanager 8.6
Thanks
Gustavo Novais
Found the problem. Apparently ADU can't access certificate store if client is not part of the AD domain
-
Hi all,
We recently installed a pair of Cisco 5508 controllers running 7.6.110.0. Right now I don't want to use the 'Redundancy' / 'HA' features, preferring instead to run with an Active/Standby pair controller through the HA tab configured in all APs.
As part of the upgrade to 7.6.110.0 we upgraded the secondary controller first, moved APs over one by one, then upgraded the primary. Right now I am having an issue moving the APs back to the primary. To confirm:
- the mobility group is the same on both devices
- mobility is up
- I am allowing MIC certificates
- AP fallback is enabled
- device names, etc all match as I appreciate there can be issues as this is case sensitive
As far as I was aware that was all that needed to match for this to work. One thing I have noticed however is that if I go into Redundancy -> Global Configuration both the Primary and Secondary are defined as the 'Primary' redundant unit. I've not activated, at least I thought I had not activated, this level of redundancy. Could this be what is causing it? I'm a bit wary of changing this value as I believe the controller will reboot.
Can anybody shed any light on this. The intention was to eventually enable the redundancy and SSO, etc but not right now.
Thanks
Hi Leo, Scott
So I was doing a bit more reading on this http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/69639-wlc-failover.html it is an old document but working through it the document suggested that you didn't need to specify the IP address of the Primary or Secondary controller in the Wireless -> All AP -> AP_NAME -> High Availability. I removed this from one of the APs that was at the time serving no clients and tried to move it to the secondary and it worked. I then moved it back to the primary and it worked again.
Any reason why this would happen? The IP addresses I was using were 100% correct. The only difference I see for this controller as opposed to others we manage is the introduction of new interface types i.e. 'redundancy management' , 'redundancy port' ,etc. I do not have redundancy enabled so I'm guessing not, but having trawled through the configuration this is the only difference I can see? -
Hi,
I'm having a problem when trying to import certificates to my Nokia E51. When I downloaded the file from the web, my phone keeps saying "File Corrupted".
I have tried using other web solutions and also uploading files to my own web server and setting the MIME types. Both ways I get the same result.
Anyone have any idea why it says corrupt?
Thanks
Billy
Hello,
It depends which type of certificate you would like to import.
Anyway crypto ca import command is a good start.
You can find 2 examples of certificates import here:
http://www.fcug.fr/cisco-asa-importer-un-certificat-pkcs12 and http://www.fcug.fr/migrer-un-certificat-ssl-de-vpn3000-vers-asa
Thanks -
Cisco ACS register to primary with different acs versions
Hello, I've updated a backup unit of two acs to version 5.4.0.46.0a first I changed it to standalone, and now I try to register to the main ACS which is running version 5.1.0.44.2
And I get this error
This System Failure occurred: com.cisco.nm.acs.im.certificate.Certificate; local class incompatible: stream classdesc serialVersionUID = 8507982043664257993, local class serialVersionUID = 1927357986028617243. Your changes have not been saved.Click OK to return to the list page.
What can I do to solve it?
Kind regards
The primary and secondary should be running on the same code.
Jatin Katyal
- Do rate helpful posts - -
Cisco ISE in Apple Mac Environment
Hi,
One of our clients need to implement BYOD in their network. They are using Mac servers and clients. The requirement is to authenticate (wireless) users against the Mac directory server, in order to provide access to resources. I am trying to figure out whether Cisco ISE can perform LDAP authentication with Mac server. As per this document, Mac server is not a supported external identity source/LDAP server. Currently they are providing access to users by adding MAC addresses to WLC manually, which is not practical now due to increase in number of end devices, and limitation in MAC addresses supported by WLC (2048).
Is it possible to implement this? Has anyone come across a similar scenario?
Thanks,
John
The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other attributes that are associated with the user for use in authorization policies. You must configure the external identity source that contains your user information in Cisco ISE. External identity sources also include certificate information for the Cisco ISE server and certificate authentication profiles.
Both internal and external identity sources can be used as the authentication source for sponsor authentication and also for authentication of remote guest users.
Table 5-1 lists the identity sources and the protocols that they support.
Table 5-1 Protocol Versus Database Support

| Protocol (Authentication Type) | Internal Database | Active Directory | LDAP [1] | RADIUS Token Server or RSA |
|---|---|---|---|---|
| EAP-GTC [2], PAP [3] (plain text password) | Yes | Yes | Yes | Yes |
| MS-CHAP [4] password hash: MSCHAPv1/v2 [5], EAP-MSCHAPv2 [6], LEAP [7] | Yes | Yes | No | No |
| EAP-MD5 [8], CHAP [9] | Yes | No | No | No |
| EAP-TLS [10], PEAP-TLS [11] (certificate retrieval) | No | Yes | Yes | No |

Note: For TLS authentications (EAP-TLS and PEAP-TLS), identity sources are not required, but are optional and can be added for authorization policy conditions.

[1] LDAP = Lightweight Directory Access Protocol
[2] EAP-GTC = Extensible Authentication Protocol-Generic Token Card
[3] PAP = Password Authentication Protocol
[4] MS-CHAP = Microsoft Challenge Handshake Authentication Protocol
[5] MS-CHAPv1/v2 = Microsoft Challenge Handshake Authentication Protocol Version 1/Version 2
[6] EAP-MSCHAPv2 = Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol Version 2
[7] LEAP = Lightweight Extensible Authentication Protocol
[8] EAP-MD5 = Extensible Authentication Protocol-Message Digest 5
[9] CHAP = Challenge-Handshake Authentication Protocol
[10] EAP-TLS = Extensible Authentication Protocol-Transport Layer Security
[11] PEAP-TLS = Protected Extensible Authentication Protocol-Transport Layer Security

And for the WLC, check the link: www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html#backinfo -
Importing Cisco VPN information into Finder VPN
Hello,
I have recently upgraded to OSX Lion and the Cisco VPN Client used by my university no longer works. They suggest another client (Shrew Soft), which also doesn't work. What I'd like to be able to do is use the VPN configuration information provided by my institute with the Finder's own VPN capability, bypassing the need for a buggy client program.
I've already read this thread, however it hasn't helped:
https://discussions.apple.com/thread/2274119?start=0&tstart=0
My problem seems to be that I need TWO files to configure Cisco correctly, a root certificate (which appears to be in .pem format) and a .pcf file. If I follow the "standard procedure" for importing the .pcf details -- that is, without using the root certificate somehow -- I get the message "The VPN server did not respond. Verify the server address and try reconnecting." Clearly I need somehow to be using BOTH files in order to establish a connection.
I have messed around with adding the root certificate to my System keychain, but the Finder doesn't display it when I go to "authentification settings". Instead I have only two certificates with "apple" in the name.
Even if I could add the root certificate successfully, this would surely be fruitless, as I would then no longer be using the shared secret.
SO, my query is: How can I combine both of these files into a single certificate that I can then add to my keychain and use for machine identification? Please bear in mind that I am not a computer specialist and am not au fait with Open SSL, and so forth. I'm prepared to grapple with it if it's the only way to get my VPN working again, but I will really need a very clear explanation of each step!
Many thanks in advance!
No ideas?